{"id":"CVE-2021-22147","details":"Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.","aliases":["BIT-elasticsearch-2021-22147","GHSA-45h5-r968-5xr7"],"modified":"2026-04-11T23:34:03.469253Z","published":"2021-09-15T12:15:08.917Z","references":[{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elastic-stack-7-14-0-security-update/280344"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20211008-0002/"},{"type":"ADVISORY","url":"https://www.elastic.co/community/security/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/elasticsearch","events":[{"introduced":"8ced7813d6f16d2ef30792e2fcde3e755795ee04"},{"fixed":"dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1"}],"database_specific":{"versions":[{"introduced":"7.11.0"},{"fixed":"7.14.0"}]}}],"database_specific":{"vanir_signatures_modified":"2026-04-11T23:34:03Z","vanir_signatures":[{"id":"CVE-2021-22147-83e15f25","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["225934378297096443205996319287508664581","305324889570165299639096032500322130374","170310029445315469861065754189361442532","107750926380225791637906031407774933414"]},"source":"https://github.com/elastic/elasticsearch/commit/dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1","deprecated":false,"target":{"file":"server/src/main/java/org/elasticsearch/snapshots/RestoreService.java"},"signature_type":"Line"},{"id":"CVE-2021-22147-938f76b3","signature_version":"v1","digest":{"function_hash":"291430067966160489700298674970247889651","length":580},"source":"https://github.com/elastic/elasticsearch/commit/dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1","deprecated":false,"target":{"file":"server/src/main/java/org/elasticsearch/snapshots/RestoreService.java","function":"updateDataStream"},"signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22147.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}